Privacy Policy
1. Who We Are
Masaar Media ("we", "us", "our") is a digital marketing agency operating in the Arab Republic of Egypt, reachable at hello@masaar-media.com and masaar-media.com. We manage organic social media content on behalf of business clients ("clients") who retain full ownership of their social media accounts.
This Privacy Policy explains what personal data we collect, why we collect it, how we protect it, and what rights you have over it. It applies to: (a) visitors who submit our website's register-interest form, and (b) clients who connect their social media accounts to our publishing platform.
2. Data We Collect
A. Website visitors — register-interest form
- Email address — submitted voluntarily via the interest form on masaar-media.com. Used solely to follow up on your enquiry about a client position with the agency. Not used for unsolicited marketing.
B. Clients — social account integration
When a client connects a social media account to our platform, we collect and store only what is strictly necessary to publish content on their behalf:
- OAuth access token — the credential issued by the social platform (TikTok, Meta/Instagram, Meta/Facebook) that authorises our platform to post content to the client's account. Stored securely; never shared with third parties.
- Platform user identifier (open_id / account ID) — the platform-assigned identifier for the connected account. Used to route publishing calls to the correct account.
- Account display name and avatar — retrieved at authorisation time to display to the client inside our platform as confirmation of which account was connected. Not stored beyond the active session unless the client explicitly saves the connection.
C. What we do NOT collect
- We do not collect, access, or store any data about the end-consumers, followers, or audiences of our clients' social media accounts.
- We do not collect payment card data (payments are handled by third-party processors outside our platform).
- We do not collect sensitive personal data (health, biometric, political, or religious information).
- We do not collect data from children under 18.
3. Why We Collect It — Purpose and Legal Basis
- Interest form email — Purpose: respond to your enquiry. Legal basis: your consent at point of submission.
- OAuth access token and open_id — Purpose: publish client-approved content to the connected social media account on the agreed schedule. Legal basis: performance of the service agreement between Masaar Media and the client.
- Account display name and avatar — Purpose: confirm the correct account is connected during the authorisation flow. Legal basis: performance of the service agreement.
We do not use any collected data for advertising, profiling, or sale to third parties.
4. Storage and Protection
Data is stored on servers accessed only by authorised Masaar Media personnel. OAuth access tokens are stored in encrypted form at rest. Access to stored tokens is restricted to the publishing subsystem that uses them to make API calls; they are not accessible to any marketing, analytics, or reporting function.
We apply the following minimum controls:
- Encrypted storage at rest for all access tokens.
- HTTPS (TLS) encryption for all data in transit.
- Access limited to authorised personnel on a need-to-know basis.
- No token or credential is ever logged in plain text in any log file or analytics system.
Interest form email addresses are stored in our form-processing service (currently Formspree; see Section 5 for third-party details) and in our internal client-enquiry log. They are retained until you request deletion or until the enquiry is resolved and no ongoing relationship exists, whichever is sooner.
Client OAuth tokens are retained for as long as the client account remains active with Masaar Media. Upon termination of the client relationship (see Terms of Service), tokens are deleted within 30 days unless a shorter period is agreed in writing.
5. Third-Party Platforms
Our service involves the following third-party platforms. Each has its own privacy policy governing its processing of data:
- TikTok — When a client authorises our TikTok app ("Masaar Media Publisher"), the authorisation flow is handled entirely by TikTok's native OAuth screen. TikTok issues the access token that we then store. TikTok's privacy policy: tiktok.com/legal/privacy-policy.
- Meta (Facebook / Instagram) — When a client connects a Facebook Page or Instagram Business account, the authorisation is handled through Meta's Business Manager / OAuth flow. We store the resulting access token only. Meta's data policy: facebook.com/privacy/policy.
- Formspree — The register-interest form on our website sends submissions to Formspree (formspree.io), which processes and stores the submitted email address on our behalf. Formspree's privacy policy: formspree.io/legal/privacy-policy.
- Vercel / Cloudflare — Our website is served via Vercel (hosting) and Cloudflare (DNS and CDN). Standard server logs (IP address, timestamp, URL) may be collected by these infrastructure providers under their own policies. We do not use these logs for identifying individual visitors. Vercel: vercel.com/legal/privacy-policy. Cloudflare: cloudflare.com/privacypolicy.
We do not sell, rent, or trade personal data with any third party for commercial purposes.
6. Your Rights
You have the following rights regarding your personal data:
- Access — You may request a copy of the personal data we hold about you.
- Correction — You may request that inaccurate data be corrected.
- Deletion — You may request that we delete your personal data. For clients, this includes deletion of stored OAuth tokens. Deletion requests are processed within 30 days.
- Withdrawal of consent — Where processing is based on consent (the interest form email), you may withdraw consent at any time by emailing us.
To exercise any of these rights, email hello@masaar-media.com with the subject line "Data Request". We will respond within 30 days.
Token revocation for social platforms:
Clients may revoke our platform's access to their social media accounts at any time directly through the platform's native settings, independently of contacting us:
- TikTok: TikTok app → Profile → Settings and Privacy → Security → Manage app permissions → Masaar Media Publisher → Revoke access.
- Meta (Facebook/Instagram): Facebook Settings → Security and Login → Apps and Websites → Remove Masaar Media.
Revoking access via the platform immediately invalidates the stored token and stops all automated posting to that account.
7. Analytics and Cookies
The Masaar Media website (masaar-media.com) currently uses no first-party analytics cookies. Infrastructure providers (Vercel, Cloudflare) may collect standard server-side access logs as described in Section 5. We do not deploy Google Analytics, Meta Pixel, or TikTok Pixel on our own agency website (masaar-media.com). Tracking pixels are deployed only on client campaign landing pages at client-specific subdomains, under separate arrangements with those clients.
8. Changes to This Policy
We may update this Privacy Policy from time to time. The "last updated" date at the top of this page reflects the most recent revision. We will notify active clients of material changes by email at least 14 days before the change takes effect. Continued use of our services after that date constitutes acceptance of the revised policy.
9. Governing Law and Contact
This Privacy Policy is governed by the laws of the Arab Republic of Egypt. Any disputes arising from this policy are subject to the exclusive jurisdiction of Egyptian courts.
For privacy-related questions, data requests, or deletion requests, contact us at:
- Email: hello@masaar-media.com
- Website: masaar-media.com